Security Basics mailing list archives

RE: query on firewall throughput.....


From: charles lindsay <frostbackeng () yahoo com>
Date: Tue, 19 Nov 2002 06:56:08 -0800 (PST)



throughput: how many bits per second (actually bytes,
and more practically, packets of a particular size)
the firewall can process in a second, under specific
laboratory conditions.  Nominally, the faster the
better, but it may be very traffic dependent; this
isn't a router/switch you are testing: a firewall may
need to look deeper in some packets than others, and
apply extensive rules for some applications.  Fast
scanning of packets for viruses is expensive, and to
do it really fast requires specialized hardware, which
costs $$$.

(1 Gbps = 1000 Mbps).

The number of concurrent sessions is important in a
firewall because the firewall has to store some state
information about each TCP/UDP connection and each
outstanding ICMP request.  For example, if you are
using Network Address Translation (NAT), it is
important to maintain the same mapping of internal to
external address (and TCP/UDP port) for the whole
exchange.  If you are scanning for virus signatures,
you probably have to do some form of re-assembly
(turning a series of packets into a stream).  Session
state takes memory, and large amounts of memory cost
$$$$.

Of course marketing numbers are different than the
real world, and you probably want to select a firewall
on the basis of what you need, not what the vendor
wants to sell you.

Hi all,

I have seen and read some of the Firewall
vendors say that their
firewall throughput is put 380 mbps or 1Gbps with
some 2,80,000
concurrent sessions.  What does it mean?  Please
clarify me.


Thanks in advance..

Sai


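The session-state point in the reply above, as an added example that is not part of the original post: a toy NAT session table in Python showing that an existing flow keeps its external mapping, that a new flow is refused once the concurrent-session limit is reached, and that idle entries free their state. The class name, addresses, the limit of 2 and the 60-second timeout are constructed for illustration and do not describe any vendor's firewall.

```python
class NatSessionTable:
    """Toy stateful NAT table: one entry of state per active flow."""

    def __init__(self, external_ip, max_sessions, idle_timeout, ports=(1024, 65535)):
        self.external_ip = external_ip
        self.max_sessions = max_sessions    # the "concurrent sessions" limit
        self.idle_timeout = idle_timeout    # seconds before an idle entry is freed
        self.ports = ports
        self.sessions = {}                  # flow 5-tuple -> [external_port, last_seen]

    def _expire(self, now):
        # Free state for flows that have been idle longer than the timeout.
        for flow, (_, last_seen) in list(self.sessions.items()):
            if now - last_seen > self.idle_timeout:
                del self.sessions[flow]

    def _free_port(self):
        used = {port for port, _ in self.sessions.values()}
        lo, hi = self.ports
        return next((p for p in range(lo, hi + 1) if p not in used), None)

    def translate(self, flow, now):
        """Return (external_ip, external_port), or None if the flow is refused."""
        self._expire(now)
        entry = self.sessions.get(flow)
        if entry is not None:
            entry[1] = now                  # existing flow: keep the same mapping
            return (self.external_ip, entry[0])
        if len(self.sessions) >= self.max_sessions:
            return None                     # table full: no state left for a new flow
        port = self._free_port()
        if port is None:
            return None                     # external port range exhausted
        self.sessions[flow] = [port, now]
        return (self.external_ip, port)


def demo():
    # Constructed flows: (protocol, src_ip, src_port, dst_ip, dst_port)
    nat = NatSessionTable("203.0.113.1", max_sessions=2, idle_timeout=60)
    a = ("tcp", "10.0.0.5", 40000, "198.51.100.7", 80)
    b = ("tcp", "10.0.0.6", 40000, "198.51.100.7", 80)
    c = ("udp", "10.0.0.7", 5353, "198.51.100.9", 53)
    first = nat.translate(a, now=0)
    again = nat.translate(a, now=10)     # same flow, same external port
    second = nat.translate(b, now=10)    # new flow, next free port
    refused = nat.translate(c, now=20)   # limit of 2 reached
    later = nat.translate(c, now=75)     # a and b idle > 60 s, state freed
    return first, again, second, refused, later
```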

